About 1,900 current and former employees with California-based College of the Desert had personal information – including Social Security numbers – exposed in a spreadsheet that a worker attached to an email, without authorization, and sent to about 78 staffers.
How many victims? About 1,900, according to reports.
What type of personal information? Names, dates of birth, genders, home zip codes, Social Security numbers, titles of positions held at the college, start and end dates of positions held, employment anniversary dates, employee identification numbers, health insurance benefit plan selections, health insurance subscriber identification numbers, amounts or costs of health insurance subscriber premiums, and active or retired employee statuses.
What happened? An employee, without authorization, attached a spreadsheet – containing the personal information – to an email and sent it to about 78 staffers.
What was the response? A message recall was attempted, and steps were taken to ensure that the email was deleted from everyone's email box. Additional security protocols and procedures are being implemented for the protection of personal information. All impacted individuals are being notified, and offered a free year of credit monitoring services.
Details: The incident occurred on Thursday. The message recall occurred within an hour, but it was still possible that the email was delivered to roughly 50 employees. The email was deleted from everyone's email boxes within 24 hours.
Quote: “We cannot determine how many people actually opened the email or viewed the attachment,” according to the notification.
Source: oag.ca.gov, “Data Security Breach Notification,” June 8, 2014.